Welcome back to the Salesforce Admin Certification workshop on Day 2. in this session/post we will cover Customization and Configuration in Salesforce which covers 20% of Salesforce Admin Certification. The following are the main topics which cover in this section.
- Company Setup
- User Setup
- Security Setup
- UI Setup
- Custom Profile and Permission Sets
Company Information Shows all the essential information related to the company. You can also manage your licenses and entitlements. This page contains the information provided when your company signed up with Salesforce.
- Standard fiscal year
- Custom fiscal year (once enabled, can not be disabled)
- Used in forecast reports
- Define the working hours for the support team.
- If the organization does not work daily, put blank hours for it.
Holidays define a date and time on which businesses are suspended. A recurring holiday can be set. If we set a regular holiday for each month, the holiday will not be created if that date does not occur. Holidays can be assigned within business hours. We can associate 1000 holidays with each set of business hours.
- Human vs non-human user
- A license is required for user creation. (1 License = 1 User)
- We need to define the profile and role of the user.
- One user can have only one role and one profile.
- The user can not be deleted.
- Ten users can be created using the add multiple user button. No matter if we have more licenses available.
- A place to see all the login attempts of the user.
- If a user complains about not being able to log in, login history is 1st place to check if a user is an active user.
Sometimes if we do not want a user to login into Salesforce we can deactivate or freeze the user. In both, the user will not be able to log in.
- Freeze users only disable the user from logging in.
- Deactivation of the user will release the license, and we can use that license to create another user.
- Sometimes, we can not deactivate a user, eg.
- Default owner of leads
- Default or automated case owner
- Default lead creator or owner
- Default workflow user
- Recipient of workflow email alert
- A user selected in custom hierarchy field
Choosing the data set each user or group of users can see is one of the key decisions that affect the security of your Salesforce org or app. Once you’ve designed and implemented your data model, think about the kinds of things your users are doing and the data they need to do it. Here is a list of all the options with which we can control the security in Salesforce.
- Object permission
- Field Permission
- Tab visibility
- Login Hours
- Login IP Ranges
- Permission Set
- Public Group
Profile: It is a collection of settings and permissions that a user can do in Salesforce. The following type of permission can be managed under the profile.
- APP Permission:
- Tab visibility:
- Default on
- Default off
- Tab hidden
- Object permission: Which object can a user see and what action can be performed?
- Field Permission: Which fields can the user see/edit after accessing that object?
- Login Hours: We can set the hours when a user can log into Salesforce.org.
- Login IP Ranges:
- We can set the allowed IP’s from which login is allowed.
- Login from any other IP’s will not be allowed.
- Do not set this for System admin profile.
- We can set a range of IP’s.
- System permission:
- Export Report
- View All Data
- Modify All Data
- Transfer Case/Leads
- Password Never Expires
Password Policies: We can specify the company’s password requirement.
- Can be set at the organisation level or profile level.
- Profile level password policy overrides the org-wide password policy.
Profile vs Permission Set
Permission Set: Permission set extends the user’s access without making changes to the profile
|We can restrict user access from here.
|Multiple permission sets can be assigned to the user.
|Login Hours/Login IP ranges can be managed
|It is always used for extending the access.
|Record Type(default)/Page Layout can be assigned
|Record Type(Default)/Page layout can not be assigned.
|Login Hours/Login IP ranges can’t be managed
|Login Hours/Login Ip Ranges can’t be managed
|Password Policies can be set
|Password Policies can’t be set
Record level Security
- Used when we want to restrict the record-level access of any object
- We can set different org wides for different object.
- We have following options to set.
- Private (By default record will be visible to owner only)
- Public read only (record will be visible to all users with read only access)
- Public read/write
- Public read/write/transfer (Lead/Case)
- Controlled by parent
- If an object is on detail side of master detail relationship, it’s org wide will be controlled by parent.
- We use it to restrict the access. Serval other options are available to open up access.
- User can edit, view and report on data owned by him or any user below them in the role hierarchy.
- User can edit, view and report on data shared with them or any user below him in role hierarchy.
- Grant Access Using Hierarchies can only be disabled for custom objects only.
- It can not restrict the access given by Org-wide default.
- Sharing rule can be used to share record with public group, role (not falling in role hierarchy.
- It can not restrict the access given by Org wide default.
- We can select the records to be shared by owner of records or criteria.
- 300 Sharing rule can be defined for each object.
- 50 Criteria based sharing rule can be set. (falls under 300)
- Record can manually be shared with user, by clicking Share button on record detail page.
- User should be 1 of following to provide manual sharing.
- Record Owner
- Having record full access
View All Data
- This can be set at the profile level.
- Users having this access will be able to see all the records.
Modify All Data
- This can be set at the profile level.
- Users having this access will be able to edit all the records.
- To frequently see the filtered data on object tab.
- Sharing of list view can be managed
- Global action are used to perform some predefined action without leaving the current screen where user are currently working.
- Action like create record, updating record, send email can be performed
Customization and Configuration in Salesforce Video
Twist Your Mind
- What happens to records owned by a user when a user is deactivated?
- Apex Hour uses Salesforce and wants to onboard five new users, who should have almost the same access in Salesforce apart from 1 user who needs edit access on account in addition to all the access the other four users have. As a system admin, how will you achieve this?